Conversation
awilfox
requested review from
anarchivist,
danschmidt5189,
davezuckerman,
jason-raitz and
yzhoubk
danschmidt5189
left a comment
danschmidt5189
left a comment
There was a problem hiding this comment.
A few minor questions but definitely not blockers.
|
|
||
| # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. | ||
| # config.force_ssl = true | ||
| config.force_ssl = true |
There was a problem hiding this comment.
Do you know how this behaves behind a proxy that terminates SSL? X-Forwarded-Proto would be https, but the actual connection to the proxy is http.
There was a problem hiding this comment.
AVPlayer and Lost-and-Found both have config.force_ssl enabled, so it should be fine here AFAIK.
danschmidt5189
requested review from
Copilot
and removed request for
anarchivist,
davezuckerman,
jason-raitz and
yzhoubk
There was a problem hiding this comment.
Pull request overview
Updates the application to Rails 7.2, aligning configuration defaults and dependency versions while addressing deprecations (notably Rails.application.secrets removal and Ruby 3.4 warnings).
Changes:
- Upgrade Rails from 7.1 to 7.2 (and update Gemfile/Gemfile.lock accordingly, including adding
mutex_m). - Update environment and framework configuration defaults (e.g.,
load_defaults 7.2, SSL enforcement in production, test/development config tweaks). - Adjust CI and tooling scripts (GitHub Actions build workflow, docker-compose CI overrides, simplified binstubs).
Reviewed changes
Copilot reviewed 11 out of 15 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| public/robots.txt | Updates documentation URL to HTTPS. |
| docker-compose.ci.yml | Adds a CI mount intended to provide SECRET_KEY_BASE. |
| config/puma.rb | Replaces Puma config comments and adds pidfile support. |
| config/environments/test.rb | Enables deprecation logging to stderr; comment updates. |
| config/environments/production.rb | Enables force_ssl and adds Rails 7.2 production defaults. |
| config/environments/development.rb | Comment/style tweaks; adds Action Mailer template caching setting. |
| config/boot.rb | Removes explicit require 'logger'. |
| config/application.rb | Switches load_defaults to 7.2 and adds autoload_lib ignore list. |
| bin/rubocop | Replaces Bundler-generated binstub with a simplified wrapper and forces explicit config path. |
| bin/brakeman | Replaces Bundler-generated binstub with a simplified wrapper and adds --ensure-latest. |
| app/models/efees_invoice.rb | Migrates from Rails.application.secrets to Rails.application.secret_key_base. |
| Gemfile.lock | Locks Rails 7.2.3 and related dependency updates (including mutex_m). |
| Gemfile | Bumps Rails requirement to 7.2.3 and adds mutex_m. |
| .idea/altmedia.iml | Updates IDE module metadata for new gem versions. |
| .github/workflows/build.yml | Generates a secret key base file during CI stack setup. |
Files not reviewed (1)
- .idea/altmedia.iml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
docker-compose.ci.yml
Outdated
| volumes: !override | ||
| - artifacts:/opt/app/artifacts | ||
| - /tmp/secret_key_base:/run/secrets/SECRET_KEY_BASE |
There was a problem hiding this comment.
Mounting /tmp/secret_key_base at /run/secrets/SECRET_KEY_BASE won’t affect Rails unless something reads that file and sets ENV["SECRET_KEY_BASE"] (no such logic exists in this repo). If the intent is to satisfy Rails 7.2’s secret_key_base requirement in CI, pass SECRET_KEY_BASE as an environment variable to the container (and/or add boot-time code to read /run/secrets/SECRET_KEY_BASE).
There was a problem hiding this comment.
Wrong -- the berkeley_library-docker gem automatically loads secrets from /run/secrets into ENV when the application boots.
* `Rails.application.secrets` is removed; the `secret_key_base` accessor in `Rails.application` has been present since 6.x, so just use that. * Minor configuration updates for 7.2 defaults. * Add `mutex_m` to avoid deprecation warnings for Ruby 3.4. Ref: AP-270
awilfox
force-pushed
the
awilfox/AP-270-rails-7-2
branch
from
e66223e to
0decf6b
Compare
|
v2: Addressed feedback. |
awilfox
requested review from
anarchivist,
davezuckerman,
jason-raitz and
yzhoubk
2 participants
Rails.application.secretsis removed; thesecret_key_baseaccessor inRails.applicationhas been present since 6.x, so just use that.Minor configuration updates for 7.2 defaults.
Add
mutex_mto avoid deprecation warnings for Ruby 3.4.Ref: AP-270
This includes the
SECRET_KEY_BASEsetting inbuild.ymlthat @danschmidt5189 suggested in Slack, so cc'ing him.Only other thing of note is that Rails 7.2 enforces HTTPS (HSTS / redirects) in prod, but this shouldn't be an issue since AFAIK all Library endpoints are HTTPS anyway.